Java Agents 2023.11.2

Strictly enforce the Java Servlet Specification

When set to true, the agent will enforce the Java Servlet Specification for incoming URI paths:

  • an empty segment specifying a path parameter will cause the incoming request to be rejected with an HTTP 400 response.

  • a "dot" segment specifying a path parameter will cause the incoming request to be rejected with an HTTP 400 response.

  • a "dot dot" segment specifying a path parameter will case the incoming request to be rejected with an HTTP 400 response.

Note that when the property Control Handling of the URL Encoded Sequence %2e is set to anything other than REJECT_OUTRIGHT, the encoded sequence %2e will be interpreted as a dot.

Property name

org.forgerock.agents.rigourously.enforce.jakarta.servlet.specification.enabled

Aliases

org.forgerock.agents.rigourously.enforce.jakarta.servlet.specification.enabled
  Introduced in Java Agent 2023.11.2

Function

Configure behaviour

Type

Boolean: true returns true; all other strings return false.

Default

true

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties